Which browser are you using? Is it Safari? Safari is very sensitive about URLs ahd cookies.
I think this is what happens in your case:
- You call/open docviewer.aspx with HTTP protocol in the URL even though your site was opened in HTTPS
- Safari considers your docviewer.aspx iframe/window 3rd party url because of protocol mismatch or different domain and blocks cookies because Safari thinks you are not on the same site anymore.;
- DocumentViewer inherits from host page docviewer.aspx and uses HTTP protocol or different domain and thus it’s blocked and throws the error.
If you solve the protocol mismatch or different domain problem for your host page docviewer.asp, then you may not even have to use CookielessSessionMode setting.
When you are on HTTPS and if you have links with non-secure HTTP, then even if it’s same domain it may be considered third-party URL.
You should use URLs with a universal protocol as “//valtinho.com/docviewer.aspx”
“//” means use HTTPS if the parent site (the page that hosts the link tag or JS window.open call) was opened with HTTPS and use HTTP if the parent site was opened with HTTP.
So it works for both cases.
So the problem is not about Document Viewer, it does not call any 3rd party URLS internally, and it supports HTTPS which means if the host page is HTTPS it also uses HTTPS urls.
The problem is in calling your docviewer.aspx with wrong protocol (or a different domain than the main one)